You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Prabhu Joseph (Jira)" <ji...@apache.org> on 2020/07/08 07:44:00 UTC
[jira] [Created] (YARN-10345) HsWebServices containerlogs does not
honor ACLs for completed jobs
Prabhu Joseph created YARN-10345:
------------------------------------
Summary: HsWebServices containerlogs does not honor ACLs for completed jobs
Key: YARN-10345
URL: https://issues.apache.org/jira/browse/YARN-10345
Project: Hadoop YARN
Issue Type: Bug
Components: yarn
Affects Versions: 3.2.0, 3.4.0
Reporter: Prabhu Joseph
Assignee: Prabhu Joseph
Attachments: Screen Shot 2020-07-08 at 12.54.21 PM.png
HsWebServices containerlogs does not honor ACLs. User who does not have permission to view a job is allowed to view the job logs from YARN UI2 through HsWebServices.
*Repro:*
Secure cluster + yarn.admin.acl=yarn,mapred + Root Queue ACLs set to " " + HistoryServer runs as mapred
1. Run a sample MR job using systest user
2. Once the job is complete, access the job logs using hue user from YARN UI2.
YARN CLI works fine.
{code}
[hue@pjoseph-cm-2 /]$
[hue@pjoseph-cm-2 /]$ yarn logs -applicationId application_1594188841761_0002
WARNING: YARN_OPTS has been replaced by HADOOP_OPTS. Using value of YARN_OPTS.
20/07/08 07:23:08 INFO client.RMProxy: Connecting to ResourceManager at rmhostname:8032
Permission denied: user=hue, access=EXECUTE, inode="/tmp/logs/systest":systest:hadoop:drwxrwx---
at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:496)
{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org